cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Source NAT to "Firewall (IP)"

Hi, I'm trying to better understand the rulebase on our Sidewinders and can see a number of rules that source NAT field set to "Firewall (IP)" which a mouse-hover shows as 127.0.0.1. I'm trying to understand in what scenarios you'd want to set the source address of a flow to 127.0.0.1. All I've come up with is a way to prevent the traffic from being forwarded...... Any advise much appreciated!!

Thanks,

Tim

3 Replies
mtuma
Level 13
Report Inappropriate Content
Message 2 of 4

Re: Source NAT to "Firewall (IP)"

Hello,

Typically you would want the source NAT set to "<localhost> (Host)", which automatically NATs to the outgoing interface. Can you tell what the traffic is actually being NATted to when using "Firewall (IP)"? If it is indeed NATting to 127.0.0.1 then I would expect that to fail.

-Matt

Re: Source NAT to "Firewall (IP)"

Matt, they're very generic rules and I'm struggling to know if anything's hitting them. Is there a way from the audit view to show the rule ID that a particular flow hit?

Cheers,

Tim

mtuma
Level 13
Report Inappropriate Content
Message 4 of 4

Re: Source NAT to "Firewall (IP)"

Every time a rule is hit it will be audited (by default). There are a few easy ways to check to see if they are being hit:

1) On the Dashboard there are tabs for most frequently used Applications, Threats, Policy, etc. Go to the Policy tab and that may show you if the rules are being hit.

2) If you right click on the rule itself you should be able to View Audit associated with that rule.

Hope this helps,

Matt

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community